Posts tagged “Anonymity”

The journal Index on Censorship has published an article I wrote. In it I argue that there is a failure to recognise Internet censorship and surveillance as a growing global concern. There is a tendency instead to criticise the most infamous offenders-notably China and Iran-and to overlook repressive practices elsewhere. There is, however, a growing resistance to Internet censorship and surveillance, although it is often characterised as a struggle confined to dissidents in a few select authoritarian regimes.

Battles are being fought all over the globe, while the development and use of technologies that protect privacy and make it possible to circumvent censorship are rapidly increasing. The same tools helping dissidents to evade censorship in repressive countries are also being used by citizens in democratic countries-to protect themselves from unwarranted Internet surveillance. Focusing on the global character of both the practice of Internet censorship and surveillance, as well as the resistance to it, provides for both a better understanding of this important trend as well as for the possibility of creating global alliances to combat its spread.

This article in Foreign Policy is representative of accounts of the development and use of anti-Censorship/privacy enhancing technologies that only tell part of the story. While technologies such as Tor and psiphon are given great treatment, the frame used to contextualize their use gives the misleading impression that they are only used in “repressive” countries:

One software program called Psiphon, which was developed by researchers at the University of Toronto’s Citizen Lab, allows any person with a computer to serve as a proxy for someone living behind a firewall. Since it was launched a year ago, more than 100,000 people have turned their personal computers into proxies.

The most sophisticated proxy technology may be Tor, developed jointly by the U.S. Naval Research Laboratory and the Electronic Frontier Foundation, an Internet freedom advocacy organization. Tor is a downloadable software that routes an Internet surfing session through three proxy servers randomly chosen from a network of more than 1,000 servers run by volunteers worldwide. “Tor is state of the art,” says John Mitchell, an expert on Internet security at Stanford University. For citizens of repressive regimes, it may be the best hope or evading the cat’s paw.

This partial picture ignores the global use of these technologies. More and more countries are censoring the Internet — not just China and Iran.

Here’s an interesting anecdote. When psiphon was released the CBC, Canada’s national public broadcaster, covered it but the reporter working on the story had to phone me at the Citizen Lab because she could not access the psiphon website from CBC because it was blocked by their filtering software, aka censorware. This is not the first time I’ve heard this. Reporters at CBC need to use tools like psiphon to do their jobs!

The other missing piece is surveillance. The U.S., which has the most sophisticated electronic surveillance program in the world, has been caught illegally spying on citizens. Anti-Censorship/privacy enhancing technologies are used all over the world. Even the Privacy Commissioner of Canada recommends that Canadians use anonymous communications technologies. These are tools developed for and used by people all over the world. To pitch them as something that’s only used in repressive countries is misleading and inaccurate.

Not fully understanding or improperly using applications that protect your privacy and allow you to bypass censorship can seriously affect your online security. A researcher recently revealed that he was able to gather sensitive data including the user names and passwords of government email accounts by snooping on the traffic of five Tor exit nodes he controlled. If you are not using end to end encryption the Tor exit node can see your traffic in plain text. as the researcher notes:

ToR isn’t the problem, just use it for what it’s made for.

This reminds me of the “trick” a lot of people use in which they set up an email account but don’t actually send email but rather just store email in the drafts folder thinking that this protects them from government surveillance. Unless the full session is encrypted, and many using this technique are using web mail account which only encrypt the login not the rest of the traffic, it can still be snooped even though you are not “sending” the email.